Protecting Firm and Client IP from Spear-Phishing Attacks

At Rouse, we provide clients with a full range of Intellectual Property (IP) services, from patent and trademark protection and management, to commercialization and global enforcement and anti-counterfeiting programs. Headquartered in the United Kingdom, the firm has 16 offices spread out among 13 countries across Asia, Europe and the Middle East, and we employ more than 600 people.

As at most law firms and other organizations today, email is the central hub of our internal communications, as well as our external communications with clients and partners. As the firm’s global IT infrastructure manager, it’s my job to make sure that these email communications are secure from hackers, corruption or corporate leaks. As a firm that handles IP, we know that we are a potential gateway for hackers to try to access our clients’ valuable data.

While protection of email communications has historically been provided by a traditional spam and antivirus detection system, attackers’ methods have become increasingly sophisticated. As news of advanced cyber-attacks has grown, we knew it was critical to remain protected against a variety of threats. Then, when I noticed a few suspicious-looking emails had crept through the security tool we were using at the time, I decided to start considering a review of alternative products.

In 2008, a reseller suggested I look into Mimecast’s cloud-based email security system. Mimecast works by examining and filtering incoming emails for threats before they reach the network via an advanced mail transfer agent (MTA), similar to a bridgehead in the cloud. It has flexible and granular controls for administrators to filter through inbound threats and apply organization-wide policies instantly in order to accommodate rapidly evolving threat scenarios.

During conversations with Mimecast, I was also made aware of the company’s cloud archiving services, which allow for files, emails and instant messaging conversations to be retained. As a law firm, this is critical for not only litigation and e-discovery support, but also our need for a centralized approach to content retention. With critical information all in one place, we are fully auditable and prepared for legal proceedings.

We later adopted another valuable feature Mimecast offers: email continuity. With continuity, users can continue to send and receive emails in the event of a core email server outage. Through a web-based portal, desktop and mobile apps, users have access to their email even if core infrastructure is offline. Since we’ve adopted Mimecast’s email continuity service, our employees and clients have come to depend on this consistent access to our email communications.

The Rise of Spear-Phishing Attacks

Tales of spear-phishing attacks continue to haunt the news – everywhere we turn we hear about companies in all industries that are plagued by malware-laced emails. Unfortunately, attacks are only becoming more targeted, with hackers including malicious links within emails that appear to come from trusted sources. Standard email security gateways are not designed to detect these new attacks or protect users from this very dynamic threat vector. These kinds of sophisticated attacks are designed to foil even the most advanced internal security defenses.

In the fall of 2014, our users began reporting even more potentially threatening emails to the IT department – they wanted to be sure that clicking on the supplied link wouldn’t be dangerous, either by downloading some malware or by asking for credit card or other personal log-in details.

The Solution: Targeted Threat Protection

As the level of identified spear-phishing emails had increased, I decided to approach Mimecast to see if it had anything to protect the firm and our users from such an attack. Mimecast happened to be in the late stages of beta testing a service called Targeted Threat Protection. This advanced email security technology protects users against spear-phishing and targeted attacks in email, by checking for malicious web content every time a link in an email is clicked.

Across all devices, desktop and mobile, Targeted Threat Protection scans all URLs inside emails. This way, if a Rouse employee clicks on a link, Mimecast scans the link before the user’s browser engages to see where it leads. If it’s valid, users are unaware that this safety check has taken place and work is never interrupted. If it is a malicious link, Mimecast flags the problem to users by blocking access to the site. It really is a case of taking a ‘guilty until proved innocent’ approach to email security.
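To make the click-time check concrete, here is an added sketch, not Mimecast's implementation and not code from this article, of one common way to build it: links are rewritten at delivery to pass through a checking gateway, and the verdict is looked up when the user clicks. The gateway URL, signing key, verdict feed and sample message are all constructed assumptions.

```python
import hashlib
import hmac
import re
from urllib.parse import quote, urlsplit

GATEWAY = "https://gateway.example/click"  # hypothetical click-check endpoint
KEY = b"constructed-demo-key"              # demo value; load a real key from a secret store
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _sig(url: str) -> str:
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()


def rewrite_links(body: str) -> str:
    """Delivery time: point each link at the gateway, signed so that the
    gateway cannot be abused as an open redirect to arbitrary URLs."""
    def repl(match: re.Match) -> str:
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")          # keep sentence punctuation out of the URL
        return f"{GATEWAY}?u={quote(url, safe='')}&s={_sig(url)}{raw[len(url):]}"
    return URL_RE.sub(repl, body)


def handle_click(url: str, sig: str, verdict_for) -> tuple:
    """Click time: url and sig are the decoded query parameters. The verdict
    is looked up now, not at delivery, and anything not proven clean is blocked."""
    if not hmac.compare_digest(_sig(url).encode(), sig.encode()):
        return ("block", "bad signature")
    host = urlsplit(url).hostname or ""
    verdict = verdict_for(host)              # hypothetical reputation/scan lookup
    if verdict == "clean":
        return ("redirect", url)
    return ("block", f"{host}: {verdict}")


if __name__ == "__main__":
    from urllib.parse import parse_qs
    # Constructed sample: the host looks clean at delivery and is flagged later.
    feed = {"files.example.test": "clean"}
    mail = rewrite_links("Please review: https://files.example.test/invoice.html.")
    link = mail.split(": ", 1)[1][:-1]
    q = parse_qs(urlsplit(link).query)
    u, s = q["u"][0], q["s"][0]
    print(handle_click(u, s, lambda h: feed.get(h, "unknown")))
    feed["files.example.test"] = "malicious"
    print(handle_click(u, s, lambda h: feed.get(h, "unknown")))
```

Because the lookup happens on every click, a link that was harmless when the message arrived is still blocked once its destination is flagged.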

We’re always educating our employees about these dangers internally, and they are well-equipped to recognize and flag suspicious-looking emails. Since adding Targeted Threat Protection to our system, we’ve seen a significant decrease in the number of incidents and calls to the IT department caused by an employee accidentally clicking on a suspicious-looking link in an email. The solution has made working on-the-go a seamless opportunity, as well. Employees have peace of mind when working from a mobile device, as Targeted Threat Protection keeps their devices from becoming a gateway for hackers to tap into our system.

As global IT infrastructure manager, it’s my job to make sure the tools we’re using not only comply with industry standards, but protect corporate and client IP from security leaks and hacks. In doing so, we also want to find a balance and provide employees with a seamless solution that doesn’t inhibit their ability to work. Mimecast not only meets the level of security required by the firm and regulated compliance standards, but in the event of a server outage, client support and our employees’ consistent availability are also achieved. As we continue to work with Mimecast, we have every confidence that we will be well equipped to handle whatever tomorrow’s threats will bring.